[xmlsec] clarification on openssl verification
johncrowley at aol.com
Thu Sep 21 07:28:40 PDT 2006
xmlSecOpenSSLKeyDataX509VerifyAndExtractKey() checks keyInfoCtx-
>flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT to
determine whether to report error if part of a chain is missing.
We're testing a self-signed cert and erroneously had something
missing but xmlsec proceeded without error.
I can't find where xmlsec actually sets such a flag.
More information about the xmlsec